Scan Report
5 /100
automatic-skill
Automatic Skill — 每日自动调研、设计、制作、测试并发布新 Skill 的元技能流水线
This is a legitimate meta-skill pipeline orchestrator with no malicious behavior. All scripts are pure prompt-generators that output text instructions for agents; they perform no dangerous operations themselves. Credential access (GITHUB_TOKEN, CLAWHUB_TOKEN) is fully declared in SKILL.md metadata and used solely for their stated purpose (GitHub commit/push and clawHub API publish). No hidden functionality, credential harvesting, or data exfiltration was found.
Safe to install
This skill is safe to use. The declared environment variables (GITHUB_TOKEN, CLAWHUB_TOKEN) are necessary and appropriate for its publish-to-GitHub-and-clawHub purpose. No action required.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | SKILL.md lists 9 stages but pipeline.js implements 10 Doc Mismatch | SKILL.md:38-46 vs scripts/pipeline.js:52:38 |
| Low | SKILL.md documentation table has wrong stage numbers Doc Mismatch | SKILL.md:38-46 vs scripts/pipeline.js:52:38 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Scripts read from data/ JSON files and write pipeline state — all documented in … |
| Network | READ | READ | ✓ Aligned | upload.js:90 — curl to api.clawhub.io; verify-upload.js:73 — GET api.clawhub.io.… |
| Shell | NONE | NONE | — | No direct shell:WRITE found. Scripts output prompts instructing agents to run gi… |
| Environment | READ | READ | ✓ Aligned | GITHUB_TOKEN, GITHUB_REPO, CLAWHUB_TOKEN read and used solely for their document… |
| Skill Invoke | NONE | NONE | — | No skill-to-skill invocation. |
| Clipboard | NONE | NONE | — | No clipboard access. |
| Browser | NONE | NONE | — | No browser access. |
| Database | NONE | NONE | — | No database access. |
2 findings
Medium External URL 外部 URL
https://api.clawhub.io/v1/skills/publish scripts/upload.js:90 Medium External URL 外部 URL
https://api.clawhub.io/v1/skills/$ scripts/verify-upload.js:73 File Tree
19 files · 89.5 KB · 2381 lines JavaScript 14f · 2121L
Markdown 1f · 174L
JSON 4f · 86L
├─
▾
data
│ ├─
current-pipeline.json
JSON
│ └─
pipeline-log.json
JSON
├─
▾
scripts
│ ├─
create.js
JavaScript
│ ├─
daily-pipeline.js
JavaScript
│ ├─
design.js
JavaScript
│ ├─
final-review.js
JavaScript
│ ├─
pipeline.js
JavaScript
│ ├─
push-toggle.js
JavaScript
│ ├─
research.js
JavaScript
│ ├─
review.js
JavaScript
│ ├─
self-check.js
JavaScript
│ ├─
self-run.js
JavaScript
│ ├─
seo.js
JavaScript
│ ├─
status.js
JavaScript
│ ├─
upload.js
JavaScript
│ └─
verify-upload.js
JavaScript
├─
_meta.json
JSON
├─
package.json
JSON
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
(none) | N/A | npm | No | package.json has no external dependencies — all scripts use only Node.js built-in modules (fs, path) |
Security Positives
✓ No base64-encoded execution, eval(), or Function() with user-controlled strings
✓ No credential harvesting or exfiltration — tokens used only for declared publish purpose
✓ No reverse shell, C2 communication, or hidden network exfiltration
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, /etc/passwd)
✓ No obfuscation techniques (base64 piping, atob, etc.)
✓ No supply chain risks — package.json has no external dependencies
✓ Security checklist is included in review.js and enforces: no hardcoded API keys, input validation, no eval()
✓ Dry-run mode skips all network operations — safe for testing
✓ Lock file prevents duplicate pipeline runs
✓ Pipeline state is stored locally in data/ JSON files, not transmitted externally